Forcepoint DLP basics
Forcepoint DLP protects organizations from data loss by:
- Monitoring data as it travels inside or outside the organization
- Protecting data while it is being manipulated in office applications, with policy-based controls that align with business processes
- Identifying and ranking high-risk incidents to help prevent or remediate data loss and data theft
Forcepoint DLP has the following main components:
- The management server is a Windows-based machine that hosts the Forcepoint Security Manager and Forcepoint DLP software.
The management server provides the core information loss technology, capturing fingerprints, applying policies, and storing incident forensics. A deployment can include multiple Forcepoint DLP servers to share the analysis load, but there is only one management server.
- A policy engine resides on all Forcepoint DLP servers, Web Content Gateway servers, and Forcepoint Email Security appliances. Policy engines are also integrated with Windows, Mac OS X, and Linux endpoints running Forcepoint DLP Endpoint.
The policy engine is responsible for parsing data and using analytics to compare it to the rules in policies.
- The analytics engine resides on a 64-bit Linux machine.
It is used to identify potentially risky incidents, rank them with similar activity, and assign them a risk score.
- The policy database is a repository for Forcepoint DLP policies. For optimal performance, it is stored locally on each server (like the fingerprint database).